Initially the project was focused in displaying raw code and methodologies used in bypassing AV but the project is now going up a new level. <br />

+

<b>I have decided to develop a functional program that will bypass antivirus on the go with advanced polymorphic and Human like intelligence techniques. <br />

=Project About=

=Project About=

Revision as of 11:01, 19 December 2012

Main

The Project is under development .
Initially the project was focused in displaying raw code and methodologies used in bypassing AV but the project is now going up a new level. I have decided to develop a functional program that will bypass antivirus on the go with advanced polymorphic and Human like intelligence techniques.

Project About

PROJECT INFOWhat does this OWASP project offer you?

RELEASE(S) INFOWhat releases are available for this project?

what

is this project?

Name: OWASP AW00T (home page)

Purpose: Its an implementation of binary stubs from basic to the polymorphic code that will show how viruses and malicious files get themselves undetected from the Antiviruses.

The generated stubs can be appended to any program and also a new approach of AV avoidance will be shown also special programs for hunting down the signatures and extracting them, and editing them for better use will be incorporated.

<b>The new approach now will show that any virus/malware being fetched to the program in encrypted format will be safely tested
with the installed AV or any other program catching malicious files which will in short fuzz the AV for typical scenarios and weak spots.
If the program fails to somehow attack the target AV it will then try to break up the file and look for exact part of code that is embedded in AV as signature and will then work on our second strategy of avoiding its bypass
There will be two variants of program one for just experimentation and other one for real application in testing a machines security </b>

The second one named also named as AW00T but will be written in black words and the earlier variant will be written in white.

We will use a cloud based environment to check for possible kernel level exploits as after that we can get our programs running underneath the Application level and making it highly impossible for
AV and Firewalls to monitor the data. The cloud will be used to share code and determine most probable attacks within less time and collecting attack scenarios and real time and generating our custom signatures and classifying them accordingly this will help us in keeping our program size as low as possible.

Antivirus nowadays comes with that protection too i also have a solution for that and will be discussed in our documented regarding the functional in our wiki page. Please check it soon

The next important thing comes for protecting our code when it is scanned by the AV in the memory itself while in execution